Blog Archives

Injecting Logon Credentials With PowerShell

In this article I will introduce a new script, Inject-LogonCredentials, that uses PowerShell (specifically, the Invoke-ReflectivePEInjection script) to inject credentials in memory. I’ll start with a brief review of the current commonly used methods of using stolen credentials. Doing a

Tagged with: , , , ,
Posted in Hacking, PowerShell

Avoiding PowerShell Command Injection & Unicode Issues

PowerShell exposes a powerful set of functionality and is increasing in popularity for server management tasks. This post aims to help penetration testers identify issues that may be found when PowerShell scripts handle user input. There are multiple scenarios where

Tagged with: , , ,
Posted in Hacking, PowerShell

Using PowerShell to Copy NTDS.dit / Registry Hives, Bypass SACL’s / DACL’s / File Locks

Currently there are a few ways to dump Active Directory and local password hashes. Until recently, the techniques I had seen used to get the hashes either relied on injecting code in to LSASS or using the Volume Shadow Copy

Tagged with: , , , , , ,
Posted in Hacking